I started talking about an agile internal audit practice many years ago. In fact, I still have the deck from a presentation I gave to my local IIA (San Jose) chapter in 2002 entitled “The New Age of Internal Audit”.
I said, for example:
-
- The greatest risk is typically at the edge
…..where things are happening
…..where there is change
…..where management’s tolerance for risk is highest
-
- Put IA resources where the risk is
$ Provide Assurance
$ Add Value by helping Manage the Risk
-
- Audit at the speed of the business (and at the speed of risk)
- Risk is constantly changing
- Continuous risk assessment
- Confront the risk
….the core of the risk
….the politically risky risk
head on
XX
The idea was that internal auditors need to be prepared to rise to the challenge of turbulent change (driven primarily by technology) and modify our traditional practices. Risk is greatest where there is change and we must be responsive to those changes, providing assurance on what matters most (where the risk to objectives is greatest) when it matters (not taking weeks to complete a full audit and not then taking additional weeks or longer to report the results). Continuous risk assessment and the agility to change our plans at speed are essential.
XX
In 2014, I presented to IIA Malaysia on “The Agile Audit…
